tldr - powered by Generative AI

• The goal is to demonstrate the possibility of using webassembly to run filters in languages other than C++
• Istio provides a way to extend proxies with webassembly filters and configure them with HML configuration
• The filters can be pushed to a default register and pulled by the proxies
• The webassembly models are portable and can be used in different platforms
• There is an API to perform HTTP requests outbound and get state from the outside world

tldr - powered by Generative AI

• Emissary is a self-service, developer-centric API Gateway with various resilience features
• The project has had several new releases and added features since kubecon Detroit
• Emissary is built on top of Envoy Gateway
• Edge stack provides an implementation of external services used by Emissary
• Emissary is likely to shift to being built on top of Envoy Gateway
• Newer versions of Emissary have a component called apix that handles translation between crd versions

tldr - powered by Generative AI

• Grpc has reached 66,000 stars on GitHub and has a large number of new members in the last six months
• The team is investing more in the project and has a very active release cadence
• The proxylist servermesh product has launched observability and custom load balancer policy features
• The team takes issues and pull requests seriously and encourages contributions from outside the team
• Grpc is interested in having more maintainers and graduating from incubator status

tldr - powered by Generative AI

• The Amway ecosystem has various components such as circuit breaker, cluster and endpoint discovery, and even streamer.
• Capacity management, performance, scalability, security, and operational readiness are important factors to consider in making the Amway system production-ready.
• The Apprentice public roadmap is available on GitHub for customers to provide feedback and suggestions.
• The presentation emphasizes the importance of observability, reliability, and availability in building a solid request relative with high throughput and performance.

tldr - powered by Generative AI

• Users want reliable software, but they don't necessarily care about the internal details.
• API Gateway and service mesh can be used to mitigate the effects of badly behaving code and give users a better experience.
• Retry, timeout, and rate limit are simple yet effective tools to use in the API Gateway and service mesh.
• Developers, QA, and platform engineers need to think about the end-to-end solution, but they should ideally start with the services and communications.
• Observability and debugging tools can be helpful in identifying and fixing issues.
• Documentation and contribution to open-source projects are important for developer-focused and self-service solutions.

tldr - powered by Generative AI

• Cloud Native is an evolution of how to better meet application developers needs in a world that has moved beyond the mental model of the underlying infrastructure
• Cloud Native Networking is vast, encompassing various projects such as CNI, CoreDNS, Envoy, gRPC, Linkerd, NATs, Network Service Mesh, BFE, Contour, Kuma, Service Mesh Interface, Chaos Mesh, Open Service Mesh, Emissary, k8gb, Service Mesh Performance, Submariner, Cilium, Meshery, Fab Edge, Istio, Nighthawk, Aeraki, and FabEdge
• Minimal toil is one of the central maxims of Cloud Native, which includes the cognitive toil involved in understanding what to do
• CNI is the SPI that plugins must meet in order to provide networking to a Kubernetes cluster
• The base layer of what you get in intra-cluster networking is every pod can reach every other pod via L3 VIP
• Isolation in Kubernetes is typically done with Network policies, which allow you to specify via selection certain pods that are going to be isolated
• Services deal with service discovery and routing in the most basic sense

tldr - powered by Generative AI

• Service proxies are becoming increasingly complex data parsers
• Envoy supports HTTP protocol translation, payload decompression, gRPC-JSON transcoding, and many other features that operate directly on raw request bytes
• Malicious HTTP requests may trigger undefined behavior, resulting in service mesh downtime
• Coverage-guided fuzz tests capture intricate corner cases that a developer may have missed
• Integration with OSS Fuzz provides continuous fuzz testing and vulnerability reports
• Continuous fuzzing is essentially running fuzzers 24/7 in the background
• Coverage-guided fuzzers employ a feedback loop to generate inputs based on code coverage
• Optimization problem: fuzzers are trying to optimize against the input space and the loss function is inversely proportional to code coverage